WHO LOGS CERTIFICATES
Certificate Authority (CA)
Authenticates and verifies identity; issues certificate
CAs log SSL/TLS certificates as part of issuance process
Third parties seek out, find, and log certificates to promote system transparency
Public Certificate Transparency Log Server
WHO ACCESSES THE LOGS
Business or Domain Owners / IT
Web Browsers & Data Aggregators
Security Professionals and Applications
Key stakeholders and interested parties can easily monitor the logs to quickly identify and mitigate maliciously or mis-issued certificates.
You can also check for Certificate Transparency in the certificate details. If you are using certificates issued before October 1, 2017, you may need to upgrade, replace or reissue your certificate. If your website is not CT-compliant with logged certificates, users may see warnings in Google Chrome.
If you want to hide the details of your private website, choose 'Root domain names only' when enrolling new certificates. This is covered by the latest version of the Internet Engineering Task Force (IETF) standards but may not be respected by all browsers or Certificate Transparency logs.
CT is standard in all our SSL/TLS certificates. It works like this: Certificate Authorities, such as DigiCert, log new certificates in publicly accessible, tamper-proof registries. Browsers can use these logs to verify certificates, and IT managers can also use them to spot problems, including improperly issued, out-of-policy and rogue certificates.